Red Hat Ceph Storage is a massively scalable, open, software-defined
storage platform that combines the most stable version of Ceph with a Ceph
management platform, deployment tools, and support services.
A flaw was found in the way the handle_command() function validated the prefix value supplied by a user. An authenticated attacker could send a specially crafted prefix value, resulting in a Ceph monitor crash. (CVE-2016-5009)
Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.
All ceph users are advised to upgrade to this updated package, which
contains backported patches to correct this issue.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | python-rbd | < 0.94.5-14.el7cp | python-rbd-0.94.5-14.el7cp.x86_64.rpm |
RedHat | 7 | x86_64 | ceph-test | < 0.94.5-14.el7cp | ceph-test-0.94.5-14.el7cp.x86_64.rpm |
RedHat | 7 | src | ceph | < 0.94.5-14.el7cp | ceph-0.94.5-14.el7cp.src.rpm |
RedHat | 7 | x86_64 | librbd1-devel | < 0.94.5-14.el7cp | librbd1-devel-0.94.5-14.el7cp.x86_64.rpm |
RedHat | 7 | x86_64 | ceph-debuginfo | < 0.94.5-14.el7cp | ceph-debuginfo-0.94.5-14.el7cp.x86_64.rpm |
RedHat | 7 | x86_64 | librbd1 | < 0.94.5-14.el7cp | librbd1-0.94.5-14.el7cp.x86_64.rpm |
RedHat | 7 | x86_64 | ceph-radosgw | < 0.94.5-14.el7cp | ceph-radosgw-0.94.5-14.el7cp.x86_64.rpm |
RedHat | 7 | x86_64 | ceph-common | < 0.94.5-14.el7cp | ceph-common-0.94.5-14.el7cp.x86_64.rpm |
RedHat | 7 | x86_64 | librados2 | < 0.94.5-14.el7cp | librados2-0.94.5-14.el7cp.x86_64.rpm |
RedHat | 7 | x86_64 | ceph-mon | < 0.94.5-14.el7cp | ceph-mon-0.94.5-14.el7cp.x86_64.rpm |